Posted to commits@commons.apache.org by ki...@apache.org on 2021/11/06 03:29:39 UTC

[commons-imaging] branch master updated: [IMAGING-317] Fix NPE when a PNG indexed image does not have a PLTE chunk

This is an automated email from the ASF dual-hosted git repository.

kinow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-imaging.git


The following commit(s) were added to refs/heads/master by this push:
     new 0865b15  [IMAGING-317] Fix NPE when a PNG indexed image does not have a PLTE chunk
0865b15 is described below

commit 0865b1571aac87f49e7f743eae00e32bc34b365f
Author: Bruno P. Kinoshita <ki...@apache.org>
AuthorDate: Sat Nov 6 16:22:55 2021 +1300

    [IMAGING-317] Fix NPE when a PNG indexed image does not have a PLTE chunk
---
 src/changes/changes.xml                                 |   3 +++
 .../commons/imaging/formats/png/ScanExpediter.java      |   3 +++
 .../apache/commons/imaging/formats/png/PngReadTest.java |  16 ++++++++++++++++
 ...testcase-minimized-ImagingPngFuzzer-6242400830357504 | Bin 0 -> 707 bytes
 4 files changed, 22 insertions(+)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 8eb8dd6..34f3291 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -162,6 +162,9 @@ The <action> type attribute can be add,update,fix,remove.
       <action issue="IMAGING-315" dev="kinow" type="update" due-to="Arturo Bernal">
         Remove redundant variables
       </action>
+      <action issue="IMAGING-317" dev="kinow" type="fix" due-to="OSS-Fuzz">
+        A PNG image using indexed color type but no PLTE chunks throws NPE.
+      </action>
     </release>
     <release version="1.0-alpha2" date="2020-08-01" description="Second 1.0 alpha release">
       <action issue="IMAGING-258" dev="kinow" type="update" due-to="Gary Lucas">
diff --git a/src/main/java/org/apache/commons/imaging/formats/png/ScanExpediter.java b/src/main/java/org/apache/commons/imaging/formats/png/ScanExpediter.java
index 52752ca..b9e3a69 100644
--- a/src/main/java/org/apache/commons/imaging/formats/png/ScanExpediter.java
+++ b/src/main/java/org/apache/commons/imaging/formats/png/ScanExpediter.java
@@ -127,6 +127,9 @@ abstract class ScanExpediter {
         case INDEXED_COLOR: {
             // 1,2,4,8 Each pixel is a palette index;
             // a PLTE chunk must appear.
+            if (pngChunkPLTE == null) {
+                throw new ImageReadException("A PLTE chunk is required for an indexed color type.");
+            }
             final int index = bitParser.getSample(pixelIndexInScanline, 0);
 
             int rgb = pngChunkPLTE.getRGB(index);
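Review bot: The null check on `pngChunkPLTE` in the INDEXED_COLOR case runs once per pixel and only after scanline decoding has started, so a file with no PLTE chunk is rejected late and the hot path carries an extra branch. Consider doing the same guard once, where the expediter is set up and the color type is already known, e.g. `if (pngChunkPLTE == null) { throw new ImageReadException("A PLTE chunk is required for an indexed color type."); }` behind an INDEXED_COLOR test. The `index` returned by `bitParser.getSample(...)` is then passed to `pngChunkPLTE.getRGB(index)` with no range check visible in this hunk; because this input came from a fuzzer, it is worth confirming that `getRGB` rejects an index beyond a short palette with an `ImageReadException` rather than an unchecked array exception. The enclosing method starts and ends outside the hunk.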
diff --git a/src/test/java/org/apache/commons/imaging/formats/png/PngReadTest.java b/src/test/java/org/apache/commons/imaging/formats/png/PngReadTest.java
index fa7f69f..646af64 100644
--- a/src/test/java/org/apache/commons/imaging/formats/png/PngReadTest.java
+++ b/src/test/java/org/apache/commons/imaging/formats/png/PngReadTest.java
@@ -94,4 +94,20 @@ public class PngReadTest extends PngBaseTest {
         final PngImageParser parser = new PngImageParser();
         assertThrows(ImageReadException.class, () -> parser.getBufferedImage(new ByteSourceFile(new File(file)), Collections.emptyMap()));
     }
+
+    /**
+     * Test that a PNG image using indexed color type but no PLTE chunks
+     * does not throw a {@code NullPointerException}.
+     *
+     * <p>See Google OSS Fuzz issue 37607</p>
+     *
+     * @throws IOException if it fails to read the test image
+     */
+    @Test
+    public void testUncaughtExceptionOssFuzz37607() throws IOException {
+        final String input = "/images/png/IMAGING-317/clusterfuzz-testcase-minimized-ImagingPngFuzzer-6242400830357504";
+        final String file = PngReadTest.class.getResource(input).getFile();
+        final PngImageParser parser = new PngImageParser();
+        assertThrows(ImageReadException.class, () -> parser.getBufferedImage(new ByteSourceFile(new File(file)), Collections.emptyMap()));
+    }
 }
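Review bot: `assertThrows(ImageReadException.class, ...)` in `testUncaughtExceptionOssFuzz37607` passes for any `ImageReadException`, so the test would still pass if the fuzzer file were rejected for an unrelated reason while the PLTE guard regressed. Pinning the message ties the test to this fix: `assertEquals("A PLTE chunk is required for an indexed color type.", assertThrows(ImageReadException.class, () -> ...).getMessage());`. The Javadoc states only that no `NullPointerException` is thrown; wording it as the positive expectation, `Test that a PNG image using indexed color type but no PLTE chunk is rejected with an {@code ImageReadException}.`, would match what is asserted. `PngReadTest.class.getResource(input)` is also dereferenced without a null check, so a missing resource would surface as an NPE in the test setup rather than as a clear failure.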
diff --git a/src/test/resources/images/png/IMAGING-317/clusterfuzz-testcase-minimized-ImagingPngFuzzer-6242400830357504 b/src/test/resources/images/png/IMAGING-317/clusterfuzz-testcase-minimized-ImagingPngFuzzer-6242400830357504
new file mode 100644
index 0000000..3bb5eeb
Binary files /dev/null and b/src/test/resources/images/png/IMAGING-317/clusterfuzz-testcase-minimized-ImagingPngFuzzer-6242400830357504 differ